week 04/2024

An attempt at creating a weekly shortlist of cyber security highlights. My intention is to pick news that everyone should know about. It is what I think is significant, cool or fun.

Most of the articles are in English, but some current warnings might be in German.

For All

❌ AI Bots on X (Twitter) Neat hack to identify AI bots. https://www.schneier.com/blog/archives/2024/01/ai-bots-on-x-twitter.html

🔍 Using Google Search to Find Software Can Be Risky https://krebsonsecurity.com/2024/01/using-google-search-to-find-software-can-be-risky/

📜 Testing TLS and Certificates Ever wondered what these “certificates” are good for? https://www.blackhillsinfosec.com/testing-tls-and-certificates/

🍏 Apple Issues Patch for Critical Zero-Day in iPhones, Macs – Update Now https://thehackernews.com/2024/01/apple-issues-patch-for-critical-zero.html

🧬 Guess the company: Takes your DNA, blames you when criminals steal it, can’t spot a cyberattack for 5 months https://go.theregister.com/feed/www.theregister.com/2024/01/26/23_and_me_breach_filing/

🪡 Trolls have flooded X with graphic Taylor Swift AI fakes https://www.theverge.com/2024/1/25/24050334/x-twitter-taylor-swift-ai-fake-images-trending

🐻 Russia social media outage likely caused by state internet regulator https://therecord.media/russia-social-media-outages-roskomnadzor

🐽 These Are the Notorious NSA Furby Documents Showing Spy Agency Freaking Out About Embedded AI in Children's Toy https://www.404media.co/these-are-the-notorious-nsa-furby-documents-showing-spy-agency-freaking-out-about-childrens-toy/

🕵️ The NSA Buys Web Browsing Data Without A Warrant, Letter Shows https://packetstormsecurity.com/news/view/35451/The-NSA-Buys-Web-Browsing-Data-Without-A-Warrant-Letter-Shows.html

👩‍⚖️ French regulators levy €32 million fine against Amazon for surveilling employees https://therecord.media/french-regulators-levy-fine-against-amazon-for-monitoring-practices

more, For the Curious

🚘 Hackers Earn $1.3M for Tesla, EV Charger, Infotainment Exploits at Pwn2Own Automotive https://www.securityweek.com/hackers-earn-1-3m-for-tesla-ev-charger-infotainment-exploits-at-pwn2own-automotive/

📄 CISA Adds CVE-2024-23222 to Known Exploited Vulnerability Catalog https://www.cisa.gov/news-events/alerts/2024/01/23/cisa-adds-one-known-exploited-vulnerability-catalog

🪖 How a Group of Israel-Linked Hackers Has Pushed the Limits of Cyberwar https://www.wired.com/story/predatory-sparrow-cyberattack-timeline/

🤵 Jenkins Security Advisory 2024-01-24 – CVE-2024-23897 https://www.jenkins.io/security/advisory/2024-01-24/ https://github.com/gquere/pwn_jenkins/blob/master/README.md

Ⓜ️ Microsoft explains how Russian hackers spied on its executives https://www.theverge.com/2024/1/26/24051708/microsoft-hack-russian-security-attack-senior-leadership-emails

🦮 Guidance on Assembling a Group of Products SBOM? SBOM! https://www.cisa.gov/resources-tools/resources/guidance-assembling-group-products

🍘 Building a Password Cracker https://www.sevnx.com/blog/post/building-a-password-cracker

🧠 The near-term impact of AI on the cyber threat https://www.ncsc.gov.uk/report/impact-of-ai-on-cyber-threat

(by @wrzlbrmpft@infosec.exchange) Obviously, the opinions inside these articles are not my own. No guarantee for correct- or completeness in any way.

theme: https://write.as/themes/fosstodon-hub